GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → buzzfeed → Sso

buzzfeed / Sso

Licence: mit
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

Programming Languages

go
31211 projects - #10 most used programming language

Labels

securityauthenticationoauthaessso

Projects that are alternatives of or similar to Sso

Spring Security Pac4j
pac4j security library for Spring Security: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 231 (-91.85%)
Mutual labels:  authentication, oauth
Security.identity
.NET DevPack Identity is a set of common implementations to help you implementing Identity, Jwt, claims validation and another facilities
Stars: ✭ 165 (-94.18%)
Mutual labels:  authentication, oauth
Djangosaml2
A maintenance fork of the original and no longer maintained djangosaml2 library.
Stars: ✭ 143 (-94.96%)
Mutual labels:  authentication, sso
Dashport
Local and OAuth authentication middleware for Deno
Stars: ✭ 131 (-95.38%)
Mutual labels:  authentication, oauth
Hwioauthbundle
OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.
Stars: ✭ 2,150 (-24.16%)
Mutual labels:  authentication, oauth
Cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Stars: ✭ 2,151 (-24.13%)
Mutual labels:  oauth, sso
Turnstile
An authentication framework for Swift.
Stars: ✭ 163 (-94.25%)
Mutual labels:  authentication, oauth
Mern Boilerplate
Fullstack boilerplate with React, Redux, Express, Mongoose, Passport Local, JWT, Facebook and Google OAuth out of the box.
Stars: ✭ 112 (-96.05%)
Mutual labels:  authentication, oauth
Home
Welcome to Janssen: the world's fastest cloud native identity and access management platform
Stars: ✭ 176 (-93.79%)
Mutual labels:  oauth, sso
Nginx Http Shibboleth
Shibboleth auth request module for nginx
Stars: ✭ 168 (-94.07%)
Mutual labels:  authentication, sso
Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Stars: ✭ 11,884 (+319.19%)
Mutual labels:  oauth, sso
Oauthlib
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Stars: ✭ 2,323 (-18.06%)
Mutual labels:  authentication, oauth
Fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
Stars: ✭ 1,738 (-38.69%)
Mutual labels:  authentication, oauth
React Native Instagram Login
a react native instagram login component (support android & ios). Pull requests are welcome!
Stars: ✭ 139 (-95.1%)
Mutual labels:  authentication, oauth
Xxl Sso
A distributed single-sign-on framework.(分布式单点登录框架XXL-SSO)
Stars: ✭ 1,635 (-42.33%)
Mutual labels:  authentication, sso
Spark Pac4j
Security library for Sparkjava: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 154 (-94.57%)
Mutual labels:  authentication, oauth
Cas Webapp Docker
Apereo CAS Server web application running inside a docker container.
Stars: ✭ 107 (-96.23%)
Mutual labels:  authentication, sso
Spring Webmvc Pac4j
Security library for Spring Web MVC: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 110 (-96.12%)
Mutual labels:  authentication, oauth
Pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 2,097 (-26.03%)
Mutual labels:  authentication, oauth
External Auth Server
easy auth for reverse proxies
Stars: ✭ 189 (-93.33%)
Mutual labels:  authentication, oauth
View All Similar Projects ➔

sso

See our launch blog post for more information!

CircleCI MIT license Docker Automated build codecov.io

Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadmap!

sso — lovingly known as the S.S. Octopus or octoboi — is the authentication and authorization system BuzzFeed developed to provide a secure, single sign-on experience for access to the many internal web apps used by our employees.

It depends on Google as its authoritative OAuth2 provider, and authenticates users against a specific email domain. Further authorization based on Google Group membership can be required on a per-upstream basis.

The main idea behind sso is a "double OAuth2" flow, where sso-auth is the OAuth2 provider for sso-proxy and Google is the OAuth2 provider for sso-auth.

sso is built on top of Bitly’s open source oauth2_proxy

In a nutshell:

  • If a user visits an sso-proxy-protected service (foo.sso.example.com) and does not have a session cookie, they are redirected to sso-auth (sso-auth.example.com).
    • If the user does not have a session cookie for sso-auth, they are prompted to log in via the usual Google OAuth2 flow, and then redirected back to sso-proxy where they will now be logged in (to foo.sso.example.com)
    • If the user does have a session cookie for sso-auth (e.g. they have already logged into bar.sso.example.com), they are transparently redirected back to proxy where they will be logged in, without needing to go through the Google OAuth2 flow
  • sso-proxy transparently re-validates & refreshes the user's session with sso-auth

Installation

Quickstart

Follow our Quickstart guide to spin up a local deployment of sso to get a feel for how it works!

Code of Conduct

Help us keep sso open and inclusive. Please read and follow our Code of Conduct.

Contributing

Contributions to sso are welcome! Please follow our contribution guideline.

Issues

Please file any issues you find in our issue tracker.

Security Vulns

If you come across any security vulnerabilities with the sso repo or software, please email [email protected]. In your email, please request access to our bug bounty program so we can compensate you for any valid issues reported.

Maintainers

sso is actively maintained by the BuzzFeed Infrastructure teams.

Notable forks

  • pomerium an identity-access proxy, inspired by BeyondCorp.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].